
An anomaly-based detection in ubiquitous network using the equilibrium state of the catastrophe theory

The Journal of Supercomputing

Abstract

Analysis of network traffic has become increasingly important for Pervasive and Ubiquitous Applications (PUA), and anomaly detection in particular plays a critical role in maintaining a high level of protection for the network against threats. In this paper, we present a network traffic anomaly detection method based on catastrophe theory. To characterize the normal behavior of the network, we construct a profile of normal network traffic using an equilibrium surface from catastrophe theory. When anomalies occur, the state of the network traffic deviates from this normal equilibrium surface. Taking the normal equilibrium surface as a reference, we monitor the ongoing network traffic and use a new index, called the catastrophe distance, to quantify the deviation. Using decision theory, network traffic anomalies are then identified from the catastrophe distance. We evaluate the performance of our approach on the DARPA intrusion detection data set. Experimental results show that our approach is highly effective for network traffic anomaly detection.
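The abstract only sketches the pipeline (fit an equilibrium surface to normal traffic, measure how far new observations fall from it, decide by threshold), so the following is an added illustration and not code from the paper. It assumes the canonical cusp equilibrium surface x^3 + a·x + b = 0, assumes the control parameters a and b are affine in two observed traffic features u and v (so the surface can be fitted by ordinary least squares), defines the catastrophe distance as the absolute residual of the equilibrium equation rather than a geometric distance, and uses a mean-plus-k-standard-deviations threshold as a stand-in for the paper's decision-theoretic rule. The "traffic" samples are constructed synthetically; the paper's own surface, distance definition and decision rule are not reproduced here.

```python
import random
from statistics import mean, pstdev

def cusp_residual(x, a, b):
    """Left-hand side of the cusp equilibrium equation x^3 + a*x + b = 0.

    Normal observations are assumed to lie on this surface, so the residual
    is ~0 there and grows as the traffic state leaves the surface.
    """
    return x ** 3 + a * x + b

def solve_linear(A, y):
    """Solve A*theta = y by Gaussian elimination with partial pivoting."""
    n = len(y)
    M = [row[:] + [y[i]] for i, row in enumerate(A)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(M[r][col]))
        M[col], M[pivot] = M[pivot], M[col]
        for r in range(col + 1, n):
            factor = M[r][col] / M[col][col]
            for c in range(col, n + 1):
                M[r][c] -= factor * M[col][c]
    theta = [0.0] * n
    for r in range(n - 1, -1, -1):
        s = sum(M[r][c] * theta[c] for c in range(r + 1, n))
        theta[r] = (M[r][n] - s) / M[r][r]
    return theta

def fit_cusp_profile(samples):
    """Least-squares fit of (alpha0, alpha1, beta0, beta1) such that
    x^3 + (alpha0 + alpha1*u)*x + (beta0 + beta1*v) = 0 on normal samples.

    Each sample is (x, u, v): x is the state variable, u and v the observed
    control features. Rewriting the surface as
    x^3 = -alpha0*x - alpha1*u*x - beta0 - beta1*v
    makes it linear in the unknowns, so the normal equations apply.
    """
    rows = [[-x, -u * x, -1.0, -v] for x, u, v in samples]
    target = [x ** 3 for x, _, _ in samples]
    k = 4
    AtA = [[sum(r[i] * r[j] for r in rows) for j in range(k)] for i in range(k)]
    Aty = [sum(r[i] * t for r, t in zip(rows, target)) for i in range(k)]
    return solve_linear(AtA, Aty)

def catastrophe_distance(theta, sample):
    """Deviation of one observation from the fitted equilibrium surface.

    Assumption of this example: the distance is the absolute residual of the
    equilibrium equation, not a geometric distance to the surface.
    """
    alpha0, alpha1, beta0, beta1 = theta
    x, u, v = sample
    return abs(cusp_residual(x, alpha0 + alpha1 * u, beta0 + beta1 * v))

def build_detector(normal_samples, k=4.0):
    """Fit the normal profile and set the threshold from the spread of the
    normal catastrophe distances (mean + k standard deviations)."""
    theta = fit_cusp_profile(normal_samples)
    dists = [catastrophe_distance(theta, s) for s in normal_samples]
    return theta, mean(dists) + k * pstdev(dists)

def is_anomalous(detector, sample):
    theta, threshold = detector
    return catastrophe_distance(theta, sample) > threshold

# Constructed ground truth for the synthetic "normal traffic" (hypothetical).
TRUE_THETA = (0.5, 1.5, -0.25, 2.0)

def on_surface_point(x, u):
    """Return (x, u, v) lying exactly on the true cusp surface."""
    alpha0, alpha1, beta0, beta1 = TRUE_THETA
    a = alpha0 + alpha1 * u
    b = -(x ** 3 + a * x)             # choose b so the equation holds exactly
    return (x, u, (b - beta0) / beta1)

def make_normal_samples(n=300, noise=0.01, seed=7):
    """Constructed normal samples with a little measurement noise on v."""
    rng = random.Random(seed)
    samples = []
    for _ in range(n):
        x = rng.uniform(0.5, 2.0)      # e.g. normalised packet rate
        u = rng.uniform(-1.0, 1.0)     # e.g. normalised flow count
        x, u, v = on_surface_point(x, u)
        samples.append((x, u, v + rng.gauss(0.0, noise)))
    return samples

NORMAL = make_normal_samples()
DETECTOR = build_detector(NORMAL)

def demo():
    theta, threshold = DETECTOR
    x, u, v = NORMAL[0]
    surge = (3.0 * x, u, v)            # state jumps off the surface
    return {
        "theta": theta,
        "threshold": threshold,
        "surge_flagged": is_anomalous(DETECTOR, surge),
        "surge_distance": catastrophe_distance(theta, surge),
    }

if __name__ == "__main__":
    for key, val in demo().items():
        print(key, val)
```

The fitted coefficients recover the constructed surface closely, a sudden tripling of the state variable produces a catastrophe distance orders of magnitude above the threshold, and a point constructed exactly on the surface stays below it. With real traffic the choice of state and control features, and a threshold tied to an acceptable false-positive rate, are what determine detection quality.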


Corresponding authors

Correspondence to Wei Xiong or Hanping Hu.


Cite this article

Xiong, W., Xiong, N., Yang, L.T. et al. An anomaly-based detection in ubiquitous network using the equilibrium state of the catastrophe theory. J Supercomput 64, 274–294 (2013). https://doi.org/10.1007/s11227-011-0644-y
